DETAILED ACTION

1. This action is in response to Applicant's request for continued examination. Claims 1 and
9 are amended. Claims 20-24 are added. Accordingly, claims 1-24 are presented for further 
examination. 

2. This action is a non-final rejection. 

Continued Examination Under 37 CFR 1.114 

3. A request for continued examination under 37 CFR 1.114, including the fee set forth in
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e)
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to
37 CFR 1.114. Applicant's submission filed on 2/9/2009 has been entered.

Response to Arguments 

4. Applicant's arguments with respect to claims 1-24 have been considered but are moot in 
view of the new ground(s) of rejection. 

Allowable Subject Matter 

5. Claims 20-23 are allowed. Claim 24 would be allowable if rewritten to overcome the 
rejection(s) under 35 U.S.C. 112, 2nd paragraph, set forth in this Office action and to include all
of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 112

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the
subject matter which the applicant regards as his invention.

6. Claim 24 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. Claim 24 lacks proper antecedent basis for "the clock time." 



Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



7. Claims 1-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Rabne et al. 
(U.S. Patent Number 6,006,332), hereinafter referred to as Rabne, in view of O'Brien et al, U.S.
Patent No. 6.658.571 ["O'Brien"], further in view of Leveridge et al, U.S. Patent No. 7.233.997
["Leveridge"]. 

8. Rabne disclosed a system for controlling access to and protecting use of digitized data 
utilizing a secure rights management server. In an analogous art, O'Brien is directed towards a 
security framework utilizing kernel-based security modules to protect file systems by controlling 
access to and protecting use of computer files. Also in an analogous art, Leveridge is directed to 
a system for rights-based access to a network file system. 

9. Concerning claims 1 and 9, Rabne did not explicitly state a client module configured to 
interface to a client operating system kernel and configured to enforce a set of usage rights 
within the operating system kernel without application rewrites, wherein enforcing the set of 
usage rights includes: intercepting a system call between an application and the client OS, 
evaluating the system call based on the set of usage rights, and blocking or modifying the system 
call based on said evaluation. However, allowing a system to enforce access rights in an 
operating system kernel by intercepting system calls and evaluating the system call based on the 
access rights was a well known feature in the art as evidenced by O'Brien whose system uses a 
security mechanism at the operating system level to determine usage rights for users or 
processes. Further, as discussed above, the limitation "without application rewrites" is merely an 
effect of performing the enforcement within the OS kernel. Thus, since O'Brien discloses 
enforcing usage rights at the OS level, O'Brien implicitly teaches the limitation. It would have 
been obvious to one of ordinary skill in the art at the time of the applicant's invention to modify
the system of Rabne by adding the ability to use a client module configured to interface to a
client operating system kernel and configured to enforce a set of usage rights within the 
operating system kernel by intercepting system calls and evaluating the system calls based on the 
set of usage rights as provided by O'Brien. Here the combination satisfies the need for a system 
to control and monitor the access and use of restricted content on a network. See Rabne, column 
3, lines 32-38. Additionally, O'Brien's kernel level enforcement provides more protection than
traditional security routines [see O'Brien, column 3 «lines 61-64»]. 

10. Also concerning claims 1 and 9, the combination of Rabne and O'Brien did not explicitly 
state obtaining the content on an individual block basis and related limitations. Rabne, who 
teaches the distribution of intellectual property over a network, is not specific on how this 
content is transferred; for example Rabne is not specific as to whether it is transferred on an 
individual block basis. However, obtaining content comprising data blocks from content sources 
on an individual block basis is well known in the art as evidenced by Leveridge whose system 
transmits content on an individual block basis based on access policies associated with a user 
[column 6 «lines 20-25» | column 14 «lines 47-60»]. Leveridge further discloses wherein
selectively obtaining content comprising data blocks includes: obtaining data blocks from said 
content sources, each data block being of a fixed preconfigured size [Fig. 14], said fixed 
preconfigured size being associated with said content and stored on said content sources and 
obtaining the fixed preconfigured size associated with said content from said content sources 
[column 14 «lines 47-60»].
It would have been obvious to one of ordinary skill in the art at the time of the applicant's
invention to modify the combination of Rabne and O'Brien by adding the ability to obtain 
content on an individual block basis (of a fixed preconfigured size) as well as the access policies 
that comprise predefined usage policies associated with the content for the user as provided by 
Leveridge. Obtaining content on an individual block basis allows each block to be encrypted 
which would increase Rabne's content distribution system [see Leveridge, column 14 «lines 4-19»].
Modifying Rabne's content distribution system to include such functionality is merely an
example of using a known technique (Leveridge's individual block delivery in a content
distribution system) to improve similar devices (Rabne's content distribution system) in the same
way. See MPEP § 2143.

11. All citations are to Rabne unless otherwise noted. Some claims will be discussed
together. Those claims which are essentially the same except that they set forth the claimed 
invention as a method are rejected under the same rationale applied to the described claim. 

12. Thereby, the combination of Rabne, O'Brien, and Taylor discloses: 
• <Claims 1 and 9> 

A dynamic file access control and management system configured to access one 
or more content sources including a set of content, said system comprising: 

A. a proxy system linked to said one or more content sources, said proxy system 
comprising an access control module configured to selectively obtain content comprising 
data blocks from said content sources on an individual block basis as a function of an
authorization of a user requesting said content and a set of access policies (Leveridge,
column 6 «lines 20-25» | column 14 «lines 47-60») that comprise a set of predefined
usage policies associated with the content for said user (column 8, lines 11-14 and 34-37 
- Rabne's license agreement reads on Applicant's claimed usage policy); 

B. a rights management module configured to generate a set of usage rights 
associated with said content as a function of a set of predefined usage policies associated 
with said content for said user (column 8, lines 11-37 - permissions rights generated from
the license agreement); 

C. at least one client device having a client module configured to interface to a 
client operating system kernel, said client module configured to enforce the set of usage 
rights within the operating system kernel without application rewrites (column 6, lines 
31-45 and O'Brien, column 3 «lines 39-55» : O'Brien's kernel-level security modules 
apply security policies by granting or denying access to resources), wherein enforcing the 
set of usage rights includes: 

intercepting a system call between an application and the client OS 
[O'Brien, column 5 «lines 28-36» | column 7 «lines 10-12»]; 

evaluating the system call based on the set of usage rights [O'Brien,
column 5 «lines 56-66» | column 7 «lines 27-40»]; and

blocking or modifying the system call based on said evaluation [O'Brien,
column 5 «line 67» to column 6 «line 4» | column 7 «lines 41-48»]; 

D. one or more communication means, via which said content and said usage 
rights are provided to said client device (column 3, lines 52-59);

wherein selectively obtaining content comprising data blocks from said content
sources on an individual block basis includes: obtaining data blocks from said content 
sources, each data block being of a fixed preconfigured size [Leveridge, Fig. 14], said 
fixed preconfigured size being associated with said content and stored on said content 
sources and obtaining the fixed preconfigured size associated with said content from said 
content sources [Leveridge, column 14 «lines 47-60»]. 

• <Claims 2 and 10> 

The system according to claim 1, wherein said content and said usage rights are
provided to said client device via different communication means (column 10, lines 34- 
48). 

• <Claims 3 and 11> 

The system according to claim 1, wherein said content includes static content
(column 6, lines 53-60). 

• <Claims 4 and 12> 

The system according to claim 1, wherein said content includes dynamic content
(column 6, lines 53-60). 

• <Claims 5 and 13> 

The system according to claim 1, wherein said communication means includes a
secure transform configured to encrypt and encapsulate said content into a message as a 
function of a session ID and said client is configured to extract said content from said 
message (column 7, lines 10-19). 

• <Claims 6 and 14>

The system according to claim 1, wherein said proxy system further includes a
user interface, configured to facilitate creation and editing of said access policies and said 
usage policies and association of said access policies and said usage policies with said 
content (column 18, lines 20-32 and 50-67). 

• <Claims 7 and 15> 

The system as in claim 1, wherein said client device is a device from a group
comprising: 1) a personal computer; 2) a workstation; 3) a personal digital assistant; 4) an 
e-mail device; 5) a cellular telephone; 6) a Web enabled appliance; and 7) a server 
(column 6, lines 31-45). 

• <Claims 8 and 16> 

The system of claim 1, wherein said proxy system and at least one of said content
sources are hosted on the same computing device (figure 1b, item 22).

Since the combination of Rabne, O'Brien, and Leveridge discloses all of the above
limitations, claims 1-16 are rejected. 

13. Claims 17 and 19 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Rabne, 
O'Brien, and Leveridge as applied to claims 1-16 above, in further view of Holden et al, U.S. 
Patent No. 5.802.178 ["Holden"]. 

14. With respect to claims 17 and 19, Rabne as modified by O'Brien and Taylor does not 
expressly disclose the access control module of the proxy system further configured to encrypt 
each data block of the content independently, using a unique initialization vector for each data
block and one or more encryption/decryption keys and wherein the one or more communication
means also provide the one or more encryption decryption keys to said client device. However, 
these features were well known in the art at the time of Applicant's invention as evidenced by 
Holden. Like Rabne, Holden is directed to a system providing security system policies that 
regulate access control [column 5 «lines 33-52»]. Within this system, Holden discloses 
encrypting each data block of the content independently, using a unique initialization vector for 
each data block and one or more encryption/decryption keys [column 16 «line 64» to column 17 
«line 10»], and providing the one or more encryption/decryption keys to a client [column 10 
«lines 17-28» | column 19 «lines 9-12»: sharing an association key with other computers to be 
used in decrypting the encrypted data block]. Holden's SNIU reads on the claimed access
control module. It would have been obvious to one of ordinary skill in the art to have modified 
Rabne with the encryption functionality taught in Holden. One would have been motivated to 
have so modified Rabne because Holden's encryption features provide greater security benefits
to Rabne's system [see Holden, column 3 «lines 18-25»]. 

15. Thereby, the combination of Rabne, O'Brien, Leveridge, and Holden discloses: 
• «Claims 17 and 19» 
The system according to claim 1:

wherein the access control module is further configured to encrypt each data block of the 
content independently, using a unique initialization vector for each data block and one or 
more encryption/decryption keys [Holden, column 16 «line 64» to column 17 «line 10»]; and

wherein the one or more communication means also provide the one or more encryption
decryption keys to said client device [Holden, column 10 «lines 17-28» | column 19 «lines 9- 
12»: sharing an association key with other computers to be used in decrypting the encrypted 
data block]. 

16. Claim 18 is rejected under 35 U.S.C. §103(a) as being unpatentable over Rabne, O'Brien, 
and Leveridge as applied to claims 1-16 above, in further view of Shaath et al, U.S. Patent No. 
7.392.234 ["Shaath"]. 

17. As to claim 18, Rabne as modified by O'Brien and Taylor does not disclose each content 
source stores a plurality of directories, at least one director including a plurality of content files 
and a metafile, wherein the metafile stores a plurality of records, each record corresponding to 
one of the plurality of content files within that directory, each record storing the set of predefined 
usage policies associated with the corresponding content file as evidenced by Shaath. Like 
Rabne, Shaath is directed towards a system for enforcing usage rights on content files [column 5 
«line 67» to column 6 «line 11»]. Shaath discloses content source stores a plurality of directories
[column 5 «lines 44-54»], at least one director including a plurality of content files and a 
metafile [column 5 «lines 55-61»: Shaath's policy reads on the claimed metafile | column 12 
«lines 13-21»], wherein the metafile stores a plurality of records, each record corresponding to 
one of the plurality of content files within that directory, each record storing the set of predefined 
usage policies associated with the corresponding content file [column 11 «lines 23-30» | column
12 «line 13» to column 13 «line 28»]. It would have been obvious to one of ordinary skill in the
art to have modified Rabne's system to include Shaath's directory-based policy enforcement.
Rabne's system would be improved by implementing Shaath's teaching because it allows for a 
hierarchical and automated application of file lifecycle policies [column 5 «lines 44-48» | column 
6 «lines 12-11»].

18. Thereby, the combination of Rabne, O'Brien, Leveridge and Shaath discloses: 
• «Claim 18» 

The system according to claim 1, wherein each content source stores a plurality of
directories [column 5 «lines 44-54»], at least one director including a plurality of content files 
and a metafile [column 5 «lines 55-61»: Shaath's policy reads on the claimed metafile | column 
12 «lines 13-21»], wherein the metafile stores a plurality of records, each record corresponding 
to one of the plurality of content files within that directory, each record storing the set of 
predefined usage policies associated with the corresponding content file [column 11 «lines 23-
30» | column 12 «line 13» to column 13 «line 28»]. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure: 

Nuttall, U.S. Patent No. 6.202.056; 
Schmeidler et al, U.S. Patent No. 6.763.370; 
Elgressy et al, U.S. Patent No. 7.383.569.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to DOHM CHANKONG whose telephone number is (571)272- 
3942. The examiner can normally be reached on Monday-Friday [8:30 AM to 4:30 PM]. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on 571.272.3964. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Dohm Chankong/ 
Examiner, Art Unit 2452 



